Mike Britton
CISO, Abnormal Security
Abnormal Security is a rapidly-growing technology company that provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.
The team maintains its code base in GitHub and uses GitHub Actions and Terraform
to run its CI/CD process and define its infrastructure.
Abnormal is a cloud-first, largely remote, rapidly-growing technology company. Its cloud environment is hosted on both Amazon Web Services (AWS) and Microsoft Azure. They maintain a modern, microservices-based environment to enable highly-elastic spikes in usage, with the ability to scale from zero to the equivalent of 20 data centers and back down again in a matter of minutes.
To ensure a secure cloud environment and find vulnerabilities and misconfigurations, the team uses industry-leading security posture management and cloud security vulnerability solutions.
Issue prioritization
The team needed a way to quickly discover and prioritize the most critical issues in all of their alerts. For example, given 350 alerts, 300 might be low risk, 10 might be critical, and 40 might be high risk. Knowing where to focus first was important for efficiency.
Tedious de-duplication
The team spent too much time - often nights and weekends - manually de-duplicating the noise coming from their security tools. This meant downloading CSV files from each tool, mapping like alerts, deleting false positives, and searching for code owners.
Issue ownership
Finding code owners for fixes
It was challenging to find the right code owners for fixes and arm them with context on root causes.
The company connected the Dazz Remediation Cloud to their code repository and security tools via a simple API-based integration, and discovered and mapped its code-to-production development environment.
In a single pane of glass, Dazz showed them de-duplicated alerts and their root causes grouped by asset, vastly simplifying the view of the ephemeral virtual machines in their auto-scaling environment. Beyond reducing issues, the Dazz platform also identifies code owners, so those developers can take corrective action in a fraction of the time it took before.
Finally, because of the single, cohesive view and comprehensive reporting in Dazz, the security and engineering teams are now able to audit infrastructure changes in Terraform as well as track remediation SLA adherence.
Discover
Understand the deployment process from code to cloud, unify cloud risk from all tools, and identify architecture gaps.
Reduce
Clean up the noise: deduplicate and prioritize CVEs and misconfigurations based on their unique root causes, and automatically find their owners.
Fix
Concise, contextual, and actionable process for remediation, from detection to deployment.
Reduced issues to root causes: 1 ticket vs. 100s
Reduced mean time to remediation: days or less for critical issues
Comprehensive reporting
The team is in the process of shifting all vulnerability detections to Dazz, as well as taking advantage of the automation in Dazz to further cut its remediation time.